Asus RT-AX3000 V2 Questions

[Deleted member 89206]

Hi,

I have a couple of questions regarding the Asus RT-AX3000 V2

1. Would you recommend turning on DNS rebind protection?

2. The Asus RT-AX3000 V2 is not supported by merlin firmware correct? On the developers website it only shows firmware for v1 (sorry if its a dumb question but in the process of learning networking).

3. Are the current settings listed at the end of this post providing a secure network for both iot and computers? (I tend to avoid enabling features that reduce privacy (from my understanding trend micro logs your activity when you enable certain features)

This is a flat network, and I don't think the router supports vlans or other interfaces.

Current Settings

IPV4

Firewall:

firewall enabled (have not placed any custom rules)

Enable DoS protection: No

Logged packets type: None

Respond ICMP Echo (ping) Request from WAN:No


IPV6:

Firewall:

firewall enabled (have not placed any custom rules, have not used the famous server list option)


Wifi:

WPA 2 Encryption.

WPS is disabled


Login:

Router Login Username: Changed

Router Login Password Changed


Ipv6:

ipv6 Enabled

Connection type: Native

DHCP-pD: Enabled

Auto Configuration Setting: Stateless

Connect to DNS Server automatically: Enabled

Enable Router Advertisement: Enabled


Various:

Telnet and ssh are disabled.

Remote Access is disabled.

UPnP is disabled.

Trend Micro features are disabled.

Alexa router settings are turned off.

 

[ColinTaylor]

1. Yes. If it causes problems for something then turn it off.
2. Correct.
3. Those look fine. If devices on your network are untrusted then you could enable AiProtection.

 

[Deleted member 89206]

1. Yes. If it causes problems for something then turn it off.
2. Correct.
3. Those look fine. If devices on your network are untrusted then you could enable AiProtection.

thank you. Its a shame that the merlin firmware is not compatible with the device as I was hoping to use skynet.

Without using trend micro features, merlin firmware, are the security features limited to what has already been mentioned?

 

[ColinTaylor]

Without AiProtection enabled it's much the same as any other router from a security perspective. You could choose a WAN DNS provider that blocks malicious sites (e.g. 1.1.1.2 or 9.9.9.9).

 

[Deleted member 89206]

Without AiProtection enabled it's much the same as any other router from a security perspective. You could choose a WAN DNS provider that blocks malicious sites (e.g. 1.1.1.2 or 9.9.9.9).

Would choosing a different domain name service provider be safer then the ISP?

I ask because my understanding is little when it comes to the networking world.

To be more specific on the goal, trying to protect my devices from attacks that would happen outside the local network.

The router does not seem like it supports interface assignment so network segregating and using vlans to protect the lan side is not possible?

 

[ColinTaylor]

Would choosing a different domain name service provider be safer then the ISP?

Check with your ISP. But most of them provide unfiltered DNS. Providers like Cloudflare or OpenDNS provide an option for filtering malicious or adult content. If you want unfiltered DNS then you might as well stick with your ISP DNS servers as they're likely to be quicker.

I ask because my understanding is little when it comes to the networking world.

To be more specific on the goal, trying to protect my devices from attacks that would happen outside the local network.

This is exactly what AiProtection is for, users that have limited networking knowledge but want enhanced security. TrendMicro does not collect your data despite the FUD and conspiracy theories. That said, if you don't expose any services to the internet then the router's firewall will block all unsolicited connection attempts anyway.

The router does not seem like it supports interface assignment so network segregating and using vlans to protect the lan side is not possible?

The only segmentation is for wireless devices. You can create guest Wi-Fi networks that are isolated from your main LAN.

 

[Deleted member 89206]

Check with your ISP. But most of them provide unfiltered DNS. Providers like Cloudflare or OpenDNS provide an option for filtering malicious or adult content. If you want unfiltered DNS then you might as well stick with your ISP DNS servers as they're likely to be quicker.


This is exactly what AiProtection is for, users that have limited networking knowledge but want enhanced security. TrendMicro does not collect your data despite the FUD and conspiracy theories. That said, if you don't expose any services to the internet then the router's firewall will block all unsolicited connection attempts anyway.


The only segmentation is for wireless devices. You can create guest Wi-Fi networks that are isolated from your main LAN.

Thank you for the information, and the help

 

[Tech9]

TrendMicro does collect antonymous data and this is the reason their data sharing agreement is in Privacy section of the firmware. What data the company may collect is described in the linked documents. What they actually collect today and will start collecting tomorrow is unknown. The broad agreement allows them to collect almost anything they are interested in and for an entire network. This is what the documents say. The rest is just opinions.

My personal opinion - not a true IDS/IPS on this hardware, mostly URL based filtering, limited packet inspection, can't see anything encrypted as usual, collects web history for services not really needing to share web history, doesn't do much with Safe Browsing enabled in modern browsers, generates often false positives, slows down the router. I see it as more data collection for improving commercial TrendMicro products than protection for home users.

The same TrendMicro service is offered in some TP-Link products as HomeCare.